Professional Documents
Culture Documents
www.manageengine.com/ad360
TABLE OF CONTENTS
3. Current state of Zero Trust model with the flood of remote work 6
a. Zero Trust adoption is on the rise 6
b. Zero Trust powers digital transformation 7
corporate network as trustworthy. These security models use technologies such as virtual private
networks (VPNs) and network access control (NAC) to verify the credentials of users outside the
network before granting access. With the proliferation of remote work, the new enterprise
architecture is redefining the perimeter. Data is stored outside of corporate walls, and users access
enterprise applications through various types of devices from locations outside the corporate
network.
The Zero Trust model is a response to the fact that the perimeter-based security model doesn't
work—innumerable data breaches have occurred because hackers got past corporate firewalls and
location. Enterprises shouldn’t trust something simply because it is behind an enterprise firewall.
Instead, everything including each user, device, and even the network itself should be considered
untrustworthy until proven otherwise. Data transfer should occur only after trust has been
established through strong authentication and authorization. Additionally, analytics, filtering, and
VERIFY THE USER VALIDATE THE DEVICE LIMIT ACCESS & PRIVILEGE
Insider threat:
||||||
detect any access activity outside of the norm and block account or
system access.
Network visibility:
||||||
Some encrypted network traffic may be difficult for the enterprise to
on the network.
Policy gaps:
An attacker exploits the gaps between different access policies that apply
||||||
authentication.
Vulnerable endpoints:
||||||
private networking firm NetMotion Software, more than 70 percent of organizations are
considering adopting a Zero Trust model following the pandemic and the shift to extensive
remote work. The 2020 Zero Trust Progress Report shows nearly a third of cybersecurity experts
Okta conducted another survey of 500 IT security leaders that shows a massive 275
percent year-on-year growth in the number of North American organizations that have or plan
80
60
40
20
0
Australia and Europe North America World’s Largest
New Zealand Companies
Yes No
Okta also found that 60 percent of organizations in North America, and 40 percent globally,
multifold. Forrester estimates that 80 percent of data breaches are caused by privileged access
abuse. Enterprises urgently need to replace their legacy identity management approaches to a
IT teams need to improve how they’re protecting the most privileged access credentials by granting
just-enough, just-in-time privilege. Of the many cybersecurity frameworks available today, Zero
Trust is the most effective, enabling IT to grant the least privilege access to users upon verifying who
is requesting access, the context of the request, and sensitivity of the access environment.
ZERO TRUST
All communication is secured regardless of
network location
You need not comply with all of these tenets. Pick and choose the ones that will make your network
more secure.
Consider the entire enterprise private network insecure. This requires actions such as
authenticating all communications and encrypting network traffic before assets are granted
With bring your own device (BYOD) policies in place, not all enterprise resources are on
enterprise-owned infrastructure. Similarly, not all devices on the enterprise network are
Remote subjects should not trust the local (i.e., non-enterprise owned) network. All
connection requests should be authenticated and authorized, and all network traffic should
be monitored securely.
Assets and workflows migrating form enterprise on-premises data centers to non-enterprise
cloud instances should follow access policies and maintain proper security posture.
Identify the places where the identities need to interact with the resources and control the
||||||
and who doesn't. Further, it makes the access decision based on several factors and
||||||
communication path between a subject and a resource. The PA can only connect a
||||||
The functioning of these components is enabled by several local and external data sources that
work together to make access decisions. These include continuous diagnostics and mitigation (CDM)
systems, compliance systems, threat intelligence programs, data access policies, identity
management systems, and security information and event management (SIEM) systems.
It’s essential that organizations are equipped to monitor their entire IT environment for signs of
malicious activity. While external attackers first need to penetrate the network before they can find
the information they seek, malicious insiders already know where all the valuable data is and how to
access it.
A Zero Trust environment utilizes automated security operations as a method of staying ahead of
such security threats. Therefore, security analytics plays a crucial role in implementing a solid Zero
Trust model. With automations and machine learning, you can generate risk scores for potential
threats as they occur. Based on these scores, automated workflows can be triggered to respond to
these risks, allowing organizations to mitigate legitimate threats quickly and effectively.
Organizations need to align themselves with the current cybersecurity landscape by leveraging
machine learning (ML) models and user-behavior analytics (UBA) to predict, detect, and prevent
insider threats, access abuse, and cyber-fraud. ML-based behavior analytics can extract context
from big data, so there's no dependency on traditional rule-based security controls that are often
Organizations can continuously monitor behavior and dynamically calculate risk scores for real-time
responses to anomalies. Unfortunately, cyber threats are becoming increasingly advanced, and the
speed at which threats should be detected and eliminated has to be machine-speed. Security
analytics rely on algorithms to provide in-depth analysis that otherwise cannot be achieved through
manual processes.
evaluation—they cannot simply block user access to corporate networks, because the user is not
Building on the idea of Zero Trust, Gartner's Continuous Adaptive Risk and Trust Assessment
(CARTA) strategy is specially designed for continuous adaptation that goes beyond basic allow or
deny models to provide contextually relevant access. In this model, all systems and devices are
considered potentially compromised and their behaviors are continuously assessed for risk and
trust.
Gartner notes that Zero Trust is the first step on the road to the CARTA framework, where
observations continue after logins and logins are reassessed regularly. In this way, trust can be
initially established upon authentication, but can also be revoked based on the pattern of behavior.
Both CARTA and Zero Trust support real-time assessments and monitoring. CARTA’s additional
security measures not only reduce the risk of a breach, but also improve attack containment in case
set of principles that operate thematically. There are six key steps to follow before implementation.
Identify the roles of users, and assign users roles with proper access policies.
Build your Zero Trust network based on the tenets specified by NIST.
Continuously monitor the network for anomalies, and update rules based on
Migrating to a Zero Trust environment is a strategic exercise that does not require an outright
replacement of existing infrastructure or security frameworks. Instead, it's a journey that involves
practicing Zero Trust principles and processes, and then moving towards technology solutions and
workflows.
If you're looking to implement Zero Trust in your organization, we can help. Our IAM and
cybersecurity consultants will work with your team to walk you through the six steps of Zero Trust
13
About the author
Debanjali Ghosh is a cybersecurity strategist who helps IT leaders and global enterprises overcome
complex cybersecurity challenges. Debanjali's primary focus is on emerging IT trends and security
concerns. She has conducted research studies and authored e-books that provide insights on
Debanjali Ghosh
debs@manageengine.com
AD360 is an identity and access management (IAM) solution for managing user identities, governing access to
resources, enforcing security, and ensuring compliance. AD360 provides all these functionalities for Windows Active
Directory, Exchange Server, and Office 365. With AD360, you can choose the modules you need and start
addressing IAM challenges across on-premises, cloud, and hybrid environments—all from a single console.